BugChan

BugChan is a decentralized bug bounty platform designed for the Web3 ecosystem. It connects security researchers and blockchain projects through smart contract-powered bounties, guaranteeing transparent and trustless payouts without intermediaries. Vulnerability reports are end-to-end encrypted on the client side before being stored on IPFS, keeping sensitive data private while maintaining verifiable, time-stamped records on-chain.

Researchers build their on-chain reputation through accepted submissions, while projects gain a provably fair and efficient system for managing and rewarding security disclosures. Every step of the process from funding a bounty in an on-chain escrow to the final payout is auditable, censorship resistant, and programmatically enforced.

BugChan is built with a modern, decentralized stack, leveraging Scaffold-ETH 2 for its foundational structure.

The on-chain logic is powered by Solidity smart contracts developed and tested using Hardhat 3. The architecture consists of a BountyFactory contract that deploys individual Bounty contracts for each program. Each Bounty contract acts as a self-contained module, handling its on-chain escrow, submission tracking, staking/slashing logic, and automated reward distribution.

The frontend is a server-side rendered application built with Next.js (App Router), TypeScript, React, and Tailwind CSS. All blockchain interactions are managed through Wagmi and Viem, providing a seamless and reactive user experience. For confidential report handling, the platform integrates the Lighthouse SDK to perform client-side encryption before uploading reports to IPFS, ensuring that only the bounty owner can decrypt the sensitive data.

The result is a secure, modular, and fully decentralized bug bounty system designed for the future of Web3.